API Governance with Postman v10


API governance is the application of rules to promote a consistent set of API behaviors across the company’s API landscape. Traditionally, these rules are enforced through a manual review process, which makes enforcement error-prone and inconsistent. In addition, errors are identified late in the API development lifecycle, hurting the productivity of development teams and causing production incidents.

With Postman API Governance, companies can shift left in their development cycle to speed up development efficiency and reduce costs by detecting and addressing software defects earlier, rather than waiting until they get to production.

How to set up API Governance within Postman

With Postman Enterprise, you can choose and configure governance rules that you’d like to enable for your team. The Postman API Platform enables a few governance rules out of the box to help you get started. This can be accessed in Postman from your team’s home page, as shown below.

[Figure: Managing governance rules for your team]

Admins in your team are authorized to manage the governance rules. You can also utilize Postman’s pre-built governance rules library to expand your program. We’ll continue enriching this library to help you along your API journey.

[Figure: Enable or disable governance rules for your team]

Leverage the power of Spectral within Postman

Spectral is a linting engine that helps you define custom rules and execute them on JSON and YAML OpenAPI v2 and v3.x specifications.

With the launch of Postman v10, Postman now supports the addition of Spectral rules to the configured API Governance rules for your team. Leveraging Spectral guidelines, Team Admins can now define and import Custom Rules.
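To make the idea of a custom rule concrete, here is an added example of a Spectral ruleset file of the kind a Team Admin could author and import. It is not a ruleset shipped by Postman or by Spectral; the rule names, messages and severities are this example's own choices, and the three checks it adds on top of Spectral's built-in `spectral:oas` rules are ones a security reviewer typically wants enforced before an API reaches production: every operation states its security posture explicitly, servers only advertise HTTPS, and API keys are never accepted in query strings.

```yaml
# Added example ruleset (.spectral.yaml), not Postman's or Spectral's own rules.
# Assumes the OpenAPI definition is a v3.x document.
extends:
  - spectral:oas            # keep Spectral's built-in OpenAPI checks as the baseline

rules:
  # An operation that silently omits "security" is indistinguishable from one that
  # was deliberately left public. Require the key to be present: either a list of
  # security requirements or an explicit empty array (security: []) for public
  # endpoints, so the decision is visible in review.
  operation-security-must-be-explicit:
    description: Every operation must declare its security requirements explicitly.
    message: "{{path}} has no 'security' key; declare the schemes it needs, or 'security: []' if it is intentionally public."
    severity: error
    given: "$.paths[*][get,put,post,delete,options,head,patch,trace]"
    then:
      field: security
      function: defined

  # Credentials travel in the Authorization header or cookies; a plain-HTTP server
  # URL in the spec invites clients to send them in clear text.
  servers-must-use-https:
    description: Server URLs must use HTTPS.
    message: "Server URL '{{value}}' is not HTTPS."
    severity: error
    given: "$.servers[*].url"
    then:
      function: pattern
      functionOptions:
        match: "^https://"

  # API keys in query parameters end up in access logs, proxies and browser history.
  no-api-key-in-query:
    description: API keys must be sent in a header or cookie, never as a query parameter.
    message: "securityScheme at {{path}} accepts the API key in the query string."
    severity: error
    given: "$.components.securitySchemes[?(@.type == 'apiKey')].in"
    then:
      function: pattern
      functionOptions:
        notMatch: "^query$"

  # Operations that require authentication should document what a rejected
  # request looks like, so client teams handle it instead of retrying blindly.
  operation-must-document-401:
    description: Operations should document a 401 Unauthorized response.
    severity: warn
    given: "$.paths[*][get,put,post,delete,patch].responses"
    then:
      field: "401"
      function: defined

# Local check before importing into Postman (Spectral CLI, not part of this page):
#   npx @stoplight/spectral-cli lint openapi.yaml --ruleset .spectral.yaml
```

A definition whose `servers` entry reads `url: http://api.example.test` or whose `GET /users` operation has no `security` key fails with an error under this ruleset, while a missing `401` response is only reported as a warning; the severity split is what lets a team roll out a stricter posture gradually.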

[Figure: Adding custom rules for your team]

Postman helps your organization’s API architects continuously improve the state of your APIs. An update to a governance ruleset will automatically be shared across the team so everybody is kept up to date.

Postman v10’s API Governance features are embedded into each stage of your API lifecycle, so let’s look at how they help you at each of those stages.

How to use Postman for enabling API Governance

The key to an effective API Governance initiative for your team is to make sure that all API producers on your team get feedback as early in the API lifecycle as possible. The Postman API Platform helps developers understand their API Governance posture early in the design process and provides in-app notifications when governance rules are violated—all within the workspaces they already use for API development.

Governance while defining APIs

API definitions stored in Postman can be checked against your governance rules. Collaborators can get feedback regarding the posture of their API design using the Rule violations tab at the bottom of the screen.

[Figure: Governance violations for API definitions]

Each governance violation is shown to a collaborator along with its severity as defined by the organization. Violations for rules included in the Postman rule library also contain a reference to the Postman Learning Center explaining the impact of the violation and possible ways to remedy it.

[Figure: Possible fix for governance violations]

Enabling governance during CI/CD builds

You can also configure linting against specifications to be executed in your CI/CD systems using Postman CLI.

[Figure: Configuring Postman CLI]

Developers can build automation on top of this by piping the console response shown above to any file, which can be reviewed as part of the review gate checklist before your API deployments.
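As an added example of the build automation described above, the following GitHub Actions workflow lints the API definition on every pull request, keeps the console report as a file for the review gate, and fails the job on error-level violations. It is not Postman's own configuration: it runs the open-source Spectral CLI (the engine Postman's custom rules are based on) rather than Postman CLI, and it assumes the definition lives at `openapi.yaml` and the ruleset at `.spectral.yaml` in the repository.

```yaml
# Added example workflow (.github/workflows/api-governance.yml); not part of this page
# or of Postman's documentation. Uses Spectral CLI instead of Postman CLI and assumes
# openapi.yaml and .spectral.yaml exist at the repository root.
name: api-governance

on:
  pull_request:
    paths:
      - "openapi.yaml"
      - ".spectral.yaml"

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: "20"

      - name: Lint the API definition against the governance ruleset
        # tee keeps the human-readable report for reviewers; --fail-severity error
        # turns any error-level violation into a failed job (and so a blocked merge)
        # while warnings are still printed. pipefail makes the tee pipeline propagate
        # Spectral's exit code instead of tee's.
        run: |
          set -o pipefail
          npx --yes @stoplight/spectral-cli lint openapi.yaml \
            --ruleset .spectral.yaml \
            --fail-severity error \
            | tee governance-report.txt

      - name: Keep the report for the review gate checklist
        if: always()          # upload even when linting failed; that is when it matters most
        uses: actions/upload-artifact@v4
        with:
          name: governance-report
          path: governance-report.txt
```

Reviewers download the `governance-report` artifact from the pull request's checks page and tick it off in the deployment checklist; because the job only fails on errors, a team can start with every rule at `warn`, watch the reports for a few weeks, and promote rules to `error` once the backlog is cleared.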

Apart from showing governance rule violations in the console, Postman CLI also sends this data back to the Postman API Platform—allowing for governance results to be seen alongside the rest of the build results.

[Figure: View any governance rule violations for CI/CD builds in Postman]

Evolve the governance controls as needed

We understand that the governance controls may vary across different APIs and different business units. You may encounter scenarios where governance rules may not be applicable for a specific API.

Postman v10 provides a way to handle this variation across a growing API landscape. Using the Postman desktop or web app, developers can hide a governance rule violation when they feel the respective rule does not apply to their API. As part of this workflow, they also choose a reason for hiding it.

[Figure: Governance violations for API definitions can be hidden]

Any collaborators on your API will be able to view the hidden rule violations using the Review hidden violations link in the pane as shown below.

[Figure: Hidden governance violations on the API definition can be reviewed]

Over time, business use cases might change and APIs might evolve in maturity and scope. At this point, previously hidden violations might need to be enforced. In these scenarios, any collaborator can return to the same list and unhide the respective violation, after which Postman starts highlighting that violation again for all future updates to the API.

[Figure: Collaborators on the API definition can review and unhide hidden violations]

This provides a feedback loop between API designers or architects designing the style guide and the developers who are conforming to these rules within Postman. This is an early step from our side to enable collaborative loops between the two parties that we see often intersect a little later in the API development process. In upcoming versions of the API Governance product, we aim to improve these collaborative loops, shifting the discussions and debates earlier in the API lifecycle.


As your API landscape and your API program grow, so does the need for you to have visibility into the adoption and success of your governance program.

We see a few questions often come up in growing API programs:

  • Are the configured governance rules being enforced effectively?
  • What are the different problem areas contributing to governance posture?
  • Which APIs or aspects of governance need to be tackled first?

The Reports section of the Postman API Platform is designed to answer these questions. It provides engineering and business leaders with the right starting point to assess and improve the state of their API landscape. Stay tuned to the Postman blog for upcoming feature announcements around these.

What’s next?

Postman’s API Governance can support customers at any point in their API-first journey. For those just starting out, we provide an industry-aware and growing template. For those further along in their journey, the platform allows for customizations with the flexible Spectral Engine to support these growing requirements. Postman’s new API Governance is embedded into each stage of the API lifecycle to ensure that your APIs are designed, built, and distributed in a consistent manner that supports greater adoption and use. We’re now very excited to have you try this out and embed this into your own API program!

Sign up for early access to API Governance; schedule a time with us to learn more. If your organization is interested in learning more about how to adopt Postman enterprise-wide, talk to our sales team.
